Lucene search
K

2876 matches found

Tenable Nessus
Tenable Nessus
added 2019/09/16 12:0 a.m.29 views

EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-1890)

According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce...

7.4CVSS6.3AI score0.05701EPSS
Exploits0References3
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/09/03 6:55 a.m.142 views

Pwning a Siemens Scalance ICS switch through ARM reversing

We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or support SCADA environments. Whilst pen testing a ship control system, we noticed a heavy reliance on Siemens Scalance industrial ethernet switches, so bought a...

2.1CVSS6.2AI score0.00301EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/08/13 3:18 p.m.2 views

kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service

The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AFALG-based skcipher interface to cause a denial of service uninitialized-memory free and kernel crash or have an unspecified othe...

7.8CVSS6.8AI score0.00428EPSS
Exploits0References4
OSV
OSV
added 2019/07/31 5:10 p.m.1 views

USN-4083-1 openjdk-lts vulnerabilities

It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. CVE-2019-2762 It was discovered that in some...

5.8CVSS6.9AI score0.09393EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2019/07/22 12:58 p.m.6 views

OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

3.1CVSS7.4AI score0.01682EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/07/22 12:41 p.m.6 views

OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

3.1CVSS7.4AI score0.01682EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/07/22 12:0 a.m.33 views

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1743)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

5.6CVSS6.3AI score0.00388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/09 12:0 a.m.30 views

EulerOS Virtualization for ARM 64 3.0.2.0 : gnutls (EulerOS-SA-2019-1693)

According to the version of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a...

5.6CVSS6.2AI score0.00388EPSS
Exploits0References2
Prion
Prion
added 2019/07/03 6:15 p.m.20 views

Code injection

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...

4.3CVSS7.5AI score0.01309EPSS
Exploits0References2Affected Software13
CVE
CVE
added 2019/07/03 5:50 p.m.79 views

CVE-2019-6629

CVE-2019-6629 affects F5 BIG-IP 14.1.0 (14.1.0 to 14.1.0.5) where undisclosed SSL traffic to a virtual server with a Client SSL profile using session tickets and DHE cipher suites can cause the Traffic Management Microkernel (TMM) to fail and restart. The impact is limited to the data plane; the ...

7.5CVSS7.4AI score0.01309EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/03 5:50 p.m.27 views

CVE-2019-6629

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...

7.5AI score0.01309EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/07/02 12:0 a.m.28 views

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1676)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

5.6CVSS6.3AI score0.00388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/06/12 12:0 a.m.66 views

SSL/TLS Forward Secrecy Cipher Suites Not Supported

The remote host use at least one SSL/TLS ciphers that does not offer forward secrecy FS also known as perfect forward secrecy PFS. It's a feature that provides assurances the session keys will not be compromised even if the server's private key is compromised. No source data...

6.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/06/06 3:57 p.m.10 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4CVSS5.8AI score0.0615EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.835 views

IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution', 'Description' = % This module exploits...

9.8CVSS7.4AI score0.06283EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2019/06/03 12:0 a.m.293 views

OpenSSL 1.1.1 < 1.1.1c Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1c. It is, therefore, affected by a vulnerability as referenced in the 1.1.1c advisory. - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce...

7.4CVSS6.3AI score0.05701EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/22 7:40 p.m.25 views

Security Bulletin: IBM API Connect V5 is potentially impacted by a weak cipher (CVE-2019-4256)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4256 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Score: 5.9 CVSS Temporal Score:...

7.5CVSS2.2AI score0.01325EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2019/05/20 2:12 p.m.176 views

Moderate: Red Hat Security Advisory: Red Hat Quay 3.0.2 security and bug fix update

An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5CVSS6.7AI score0.95707EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 2019/05/16 12:0 a.m.58 views

OpenVPN < 2.3.15 Weak Cryptographic Cipher Vulnerability (Windows)

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is prior to 2.3.15. It is, therefore, affected by a weak cryptographic cipher vulnerability. OpenVPN's default cipher, BF-CBC, is vulnerable to plaintext recovery when enough cipher text has...

5.9CVSS6.5AI score0.0594EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2019/05/15 2:50 p.m.53 views

Billions of Malicious Bots Attacks Take to Cipher-Stunting to Hide

When it comes to cyberattacks, adversaries are focusing not just on advanced malware development, but also on increasing the sophistication of their evasion techniques. This is playing out lately in the form of ballooning instances of “cipher stunting” – a TLS tampering technique that helps...

7.1AI score
Exploits0References4
Rows per page
Query Builder